Wireshark-users: Re: [Wireshark-users] Fuzzy searches ?? (Possible)

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: j.snelders@xxxxxxxxxx
Date: Tue, 26 May 2009 22:31:01 +0200
Hi Kevin,

What about this display filter:
smb.file contains "File Name"

Hope this helps
Joan


On Tue, 26 May 2009 14:32:31 -0500 Kevin Gaudineer wrote:
>
>Not sure if this is possible but at one time I thought I had read an
>article (or post) about doing a fuzzy search with a Wireshark trace.  My
>scenario is that I am trying to chase a issue but it is unknown when the
>issue will happen.  So the support team has handed me a series of trace
>files that span several hours.  What I know is that the issue they want
>me to find is during a file transfer and the filenames to have a series
>of characters that are consistent during the transfer.  
>
>What I am trying to do is merge some of the trace files together around
>the time frame they gave when this issue happened, and I am trying to
>create a filter using a display filter with 'smb.file == {fuzzy search
>expression here} '  but I am not having luck.  Is it possible to do a
>search this way or should I just be trying to do the search with
>offsets?
>
>  
>
>Kevin L. Gaudineer
>
>Phone: (515)-241-7745
>
>Cell:  (515)-205-3069
>
>Email:  gaudinkl@xxxxxxx 
>
> 
>
> 
>
> 
>
>         ********************************************
>
>This message and accompanying documents are covered by the 
>Electronic Communications Privacy Act, 18 U.S.C. ?? 2510-2521, 
>and contain information intended for the specified individual(s) only. 
>This information is confidential. If you are not the intended recipient

>or an agent responsible for delivering it to the intended recipient, you
>
>are hereby notified that you have received this document in error and 
>that any review, dissemination, copying, or the taking of any action 
>based on the contents of this information is strictly prohibited. If you
>
>have received this communication in error, please notify us immediately

>by e-mail, and delete the original message.
>
>        *********************************************
>
>Bijlage: image001.jpg
>
>___________________________________________________________________________
>Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>Archives:    http://www.wireshark.org/lists/wireshark-users
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe